European Parliament rapporteurs today presented two draft reports on the reform of the EU's data protection rules proposed by the European Commission just a year ago (see IP/12/46 and MEMO/12/41). In their reports, Jan-Philipp Albrecht, rapporteur for the proposed Data Protection Regulation for the Civil Liberties, Justice and Home Affairs Committee (LIBE) of the European Parliament, and, Dimitrios Droutsas, rapporteur for the proposed Data Protection Directive for the law enforcement sector, express their full support for a coherent and robust data protection framework with strong end enforceable rights for individuals. They also stress the need for a high level of protection for all data processing activities in the European Union to ensure more legal certainty, clarity and consistency.

"The protection of personal data is a fundamental right for all Europeans. Opinion polls show that individuals do not always feel in full control of their data. Policy makers and companies must therefore do better," said Vice-President Viviane Reding, the EU's Justice Commissioner. "I am glad to see that the European Parliament rapporteurs are supporting the Commission's aim to strengthen Europe's data protection rules which currently date back to 1995 – pre-Internet age. A strong, clear and uniform legal framework will help unleashing the potential of the Digital Single Market and foster economic growth, innovation and job creation in Europe."

In their reports on the Commission's proposals for a general Data Protection Regulation and a Directive for the law enforcement sector the Members of the European Parliament support the proposed package approach. They stress the need to advance negotiations swiftly on both instruments at the same time.

The European Parliament rapporteurs, building on previous reports by the European Parliament such as the Axel Voss report (MEMO/11/489), support the objectives of the reform, which are: to establish a comprehensive approach to data protection, to strengthen online privacy rights and to do away with the current fragmentation of 27 different national data protection laws which are costly and burdensome for businesses operating on Europe's single market.

Some of the amendments which the rapporteurs of the Parliament are proposing in their reports aim at reinforcing individuals' rights, including the right to be forgotten.

Some of the key points of the rapporteurs' reports include:

The need to replace the current 1995 Data Protection Directive with a directly applicable Regulation thatcovers the processing of personal data by both the private and public sector. A single set of rules on data protection, valid across the EU will remove unnecessary administrative requirements for companies and can save businesses around €2.3 billion a year.

The support in principle for the Commission's proposal to have a "one-stop shop" for companies that operate in several EU countries and for consumers who want to complain against a company established in a country other than their own. To ensure consistency in the application of EU data protection rules, the European Parliament rapporteur wants to create a powerful and independent EU data protection agency entrusted with taking legally binding decisions vis-à-vis national data protection authorities.

Support for the strengthening of users' rights: they encourage the use by companies of pseudonymous and anonymous data; they further propose strengthening the concept of explicit consent for data to be legally processed by asking companies to use clear and easily comprehensible language (also with regards to privacy policies); the 'Albrecht-report' proposes further reinforcing the "right to be forgotten" (the right to erase one's data if there are no legitimate grounds to retain it) by asking companies which have transferred data to third parties without a legitimate legal basis to make sure these data are actually erased.

The European Parliament rapporteurs agree with the European Commission's proposal that EU rules must apply if personal data of individuals in the EU is handled abroad by companies which are not established in the Union. According to the amendments proposed it would be sufficient that a company aimsat offering its goods or services to individuals in the EU. An actual payment from the consumer to the company is not needed to trigger the application of the data protection regulation.

The European Parliament rapporteurs stress the need to have independent national data protection authorities which are well-equipped to better enforce the EU rules at home. The 'Albrecht-report' provides guidance as to the staffing and resourcing of these authorities and welcomes the Commission's proposal to empower them to fine companies that violate EU data protection rules.

On the delegated acts foreseen in the Regulation (also known as 'Commission empowerments' or acts which ensure that if, in practice, more specific rules are necessary, they can be adopted without going through a long legislative process): the European Parliament rapporteur wants to drastically reduce the number of delegated acts by including, among others, more detailed provisions in the text of the Regulation itself. The European Commission has recently shown its openness to such an approach (see SPEECH/12/764).

On the Directive that will apply general data protection principles and rules to police and judicial cooperation in criminal matters, the rapporteur agrees with the Commission's proposal to extend the rules to both domestic and cross-border transfers of data. The report also aims to strengthen data protection further by enhancing individuals' rights, giving national data protection authorities greater and more harmonised enforcement powers and by obliging them to cooperate in cross-border cases.

Next steps: On 18 January the data protection package will be high on the agenda of the informal Justice Council taking place in Dublin.

The European Parliament plenary vote is expected around April.

The European Commission will continue to work very closely with the rapporteurs of the European Parliament and with the Council to support the Parliament and the Irish EU Presidency in their endeavour to achieve a political agreement on the data protection reform by the end of the Irish Presidency.

Background

In the digital age, the collection and storage of personal information are essential. Data is used by all businesses – from insurance firms and banks to social media sites and search engines. In a globalised world, the transfer of data to third countries has become an important factor in daily life. There are no borders online and cloud computing means data may be sent from Berlin to be processed in Boston and stored in Bangalore.

74% of Europeans think that disclosing personal data is increasingly part of modern life, but at the same time, 72% of Internet users are worried that they give away too much personal data. They feel they are not in complete control of their data. Fading trust in online services and tools holds back the growth of the digital economy and Europe's digital single market.

On 25 January 2012 the European Commission proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights and boost Europe's digital economy. The Commission's proposals update and modernise the principles enshrined in the 1995 Data Protection Directive to bring them into the digital age. They include a proposal for a Regulation setting out a general EU framework for data protection and a proposal for a Directive on protecting personal data processed for the purposes of prevention, detection, investigation or prosecution of criminal offences and related judicial activities (IP/12/46).

The Commission proposals follow up on the European Parliament report by Axel Voss (MEMO/11/489) which called on the Commission to reform European data protection rules.